crypto/x509: panic when validating certificates with DSA public keys (CVE-2025-58188)

[neild]

Validating certificate chains which contain DSA public keys can cause programs
to panic, due to a interface cast that assumes they implement the Equal method.

This affects programs which validate arbitrary certificate chains.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-58188 and Go issue https://go.dev/issue/75675.

---

This is a PRIVATE issue for CVE-2025-58188, tracked in http://b/443718612.

/cc @golang/security and @golang/release

[neild]

@gopherbot please open backport issues for this security fix

[gopherbot]

Backport issue(s) opened: #75702 (for 1.24), #75703 (for 1.25).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

[gopherbot]

Change https://go.dev/cl/709836 mentions this issue: [release-branch.go1.24] crypto/x509: mitigate DoS vector when intermediate certificate contains DSA public key

[gopherbot]

Change https://go.dev/cl/709845 mentions this issue: [release-branch.go1.25] crypto/x509: mitigate DoS vector when intermediate certificate contains DSA public key

[gopherbot]

Change https://go.dev/cl/709853 mentions this issue: crypto/x509: mitigate DoS vector when intermediate certificate contains DSA public key